Information Security Awareness Adviser

What we do

The International Committee of the Red Cross (ICRC) works worldwide to provide protection and humanitarian assistance to people affected by armed conflicts and other situations of violence. The protection and responsible use by ICRC staff of the ICRC information systems and the sensitive information it collects and manages in the field and at the Headquarters is key to protect the security of ICRC staff, partners, interlocutors and beneficiaries and to be able to work in very difficult environments.

Purpose of the post

The Information Security Awareness Adviser will lead a 2-year information security awareness project to sensitize and train ICRC managers and staff on information security and cyber hygiene, and promote the information security guidelines and best practices in order to mitigate the institutional top risk on information security.

This position will be based at the ICRC Headquarters in Geneva, but will be asked to carry out regular short field missions to delegations in contexts where the ICRC is operational. It will report to the Deputy Director of the Department of Communication and Information Management, who chairs the ICRC Information Security Board. This position will work in close co-ordination with the ICT security officer, the Data Protection Office and the Information Management Unit.

Main duties and responsibilities

• Produce a gap analysis to define a baseline (with KPIs) and a strategy/approach on which to build a sustainable information security awareness campaign;
• Produce, follow up and update a plan of action with a set of actionable measures;
• Animate a transversal board and report to it on a regular basis;
• Produce or adapt an e-learning on information security hygiene for all staff;
• Organize sessions to sensitize the ICRC managers and staff, at the HQ and in delegations;
• Embed information security in the current managers/staff training and workshops;
• Produce and update information security tips on a dedicated dynamic intranet page;
• Identify a network of information security champions/relays;
• Train the trainers & the information security relays;
• Produce awareness and training materials (videos, leaflets, posters, presentations, training modules);
• Carry out information security survey/assessment in the field and at HQ: Organize phishing/alert exercises. Analyze and publish results;
• Improve the reporting and handling of information security incidents, in both managers and staff, in order to improve the institutional response;
• Monitor KPIs and adapt the plan of action accordingly.

Education and experience required

• At least 5 years professional experience in developing and promoting information/cyber security policies
•  Experience in leading an information security awareness campaign in a large organization.
• Experience in communications. 
• Attested capacity to effectively engage adults / diverse audiences in learning projects. 
• University degree in computer science, engineering or a related ICT field
• Advanced degree in ICT security or equivalent experience. 
• Knowledge of information security standards, frameworks and best practice (ISO 27001,NIST, ENISA, SANS). 
• Knowledge of information management standards, frameworks and best practice. 
• Security certifications, such as CISSP, GIAC, CompTIA Security+ or CEH are an asset. 

Desired profile and skills

• Excellent command (spoken and written) of English and French.  
• Excellent communication skills. Capacity to present complex information in simple terms and make it accessible to technology neophytes. 
• Analytical minded with a systematic approach, able to respond quickly to changing circumstances, challenge requests, value different perspectives and ideas.
• Excellent communication, interpersonal and conceptual thinking skills.
• Focuses on results and desired outcomes and how best to achieve them.
• Adheres to a strong set of moral, ethical and professional principles.
• Availability to do short regular missions abroad (around 20% of the time) in contexts where ICRC is operational.

Additional information

• Location :                           Geneva
• Type of contract :               Maximum-term
• Length of assignment :       2 years
• Activity rate :                      100%
• Estimated start date :         ASAP
• Application deadline :      22.04.2018